linux-headers-5.15.0-1028-gke for Ubuntu 22.04
Elad Gabay
elad.gabay at wiz.io
Mon May 15 09:54:09 UTC 2023
1. Now, instaed of "apt install -y linux-headers-$(uname -r)", I do
"""
KERNEL_VERSION="$(uname -r | sed 's,-gke,,g')"
pull-lp-debs -p debs -D ppa --ppa 'canonical-kernel-team/ppa' linux-headers-${KERNEL_VERSION}-gke -s all
pull-lp-debs -p debs -D ppa --ppa 'canonical-kernel-team/ppa' linux-gke-headers-${KERNEL_VERSION} -s all
apt install -y ./*.deb
"""
and it looks OK.
1. I use the latest GKE version, seems like they didn't update the kernel versions in them..
Thanks!
________________________________
From: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
Sent: Monday, May 15, 2023 12:46
To: Elad Gabay <elad.gabay at wiz.io>
Cc: ubuntu-devel-discuss at lists.ubuntu.com <ubuntu-devel-discuss at lists.ubuntu.com>
Subject: Re: linux-headers-5.15.0-1028-gke for Ubuntu 22.04
Caution - External Sender
1) did you try pull-lp-debs as suggested in the first email, and is
that not sufficient to find/download header debs and install them?
2) I have to point out that linux-gke 5.15.0-1028.33 was superseded on
2023-01-06 (more than 4 months ago) by linux-gke - 5.15.0-1024.29
The kernel gke abi you are using is 4 months obsolete and likely
contains multiple publicly known security vulnerabilities. GKE
provides multiple update mechanisms (cluster/image based, or
apt/unattended-upgrades based) , which one should be using to receive
kernel security updates for your cluster. Please contact your GKE
support to investigate why your clusters are not receiving security
updates.
Given your post, and other posts from other GKE users, I am deeply
concerned that many GKE deployments are not receiving updates, which
Ubuntu is publishing for GKE. Note that Ubuntu has no callhome
capability to explain why particular Ubuntu installations are not
downloading and applying security updates.
On Sun, 14 May 2023 at 12:26, Elad Gabay <elad.gabay at wiz.io> wrote:
>
> Hi,
> I don't have access to do full host bind mount therefore I can't use headers from the node, I need to be able to fetch the headers from a container\other machine.
> Now I see the same for linux-headers-5.15.0-1030-gke version.
> Thanks
> ________________________________
> From: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
> Sent: Saturday, May 13, 2023 03:03
> To: Elad Gabay <elad.gabay at wiz.io>
> Cc: ubuntu-devel-discuss at lists.ubuntu.com <ubuntu-devel-discuss at lists.ubuntu.com>
> Subject: Re: linux-headers-5.15.0-1028-gke for Ubuntu 22.04
>
> Caution - External Sender
>
>
> Please see this discussion over here
> https://lists.ubuntu.com/archives/kernel-team/2023-May/139336.html and
> the emails before/later in the thread.
>
> tl;dr Note you have access to headers on the host that you can bind
> mount in the container, you are using obsolete out-of-date kernel ABI.
> You can use `pull-pkg / pull-lp-debs / pull-lp-ddebs` as needed to
> fetch desired packages for Jammy ABI directly from launchpad.
>
> On Sat, 13 May 2023 at 00:51, Elad Gabay <elad.gabay at wiz.io> wrote:
> >
> > Hello,
> > Is there a reason that "linux-headers-5.15.0-1028-gke" published only for Ubuntu 20.04 but not for 22.04?
> > https://packages.ubuntu.com/uk/focal/main/linux-headers-5.15.0-1028-gke
> > Ubuntu – Details of package linux-headers-5.15.0-1028-gke in focal
> > Linux kernel headers for version 5.15.0 on 64 bit x86 SMP
> > packages.ubuntu.com
> >
> >
> > Thanks
> > Elad
> > --
> > Ubuntu-devel-discuss mailing list
> > Ubuntu-devel-discuss at lists.ubuntu.com
> > Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>
>
>
> --
> okurrr,
>
> Dimitri
--
okurrr,
Dimitri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20230515/ec585828/attachment-0001.html>
More information about the Ubuntu-devel-discuss
mailing list